Дирекција за заштита на
личните податоци
Directorate for Personal Data
Protection
Republic of Macedonia
- DPDP 14th CEEDPA meeting
Kyiv, 20 – 22 May 2012
1
Дирекција за заштита на
личните податоци
STATUS of the Directorate for Personal Data
Protection
• Established on 22 June 2005
• Separate legal entity under the Law on Personal Data Protection
• Independence from Governmental institutions
• Financing: Budget of the Republic of Macedonia
Дирекција за заштита на
личните податоци
ORGANOGRAM
Director
State chancellor
Deputy Director
Unit for managing
human resources
Dep. for inspection
supervision – east
Dep. for inspection
supervision – west
Dep..for legal affairs
and international
cooperation
Dep.for Central register,
IT support, planning,
analyze and statistics
Unit for inspection
supervision over the
public sector – east
Unit for inspection
supervision over the
public sector – west
Unit for legal affairs
Unit for central R,
planning, analyze and
statistics
Unit for inspection
supervision over the
private sector – east
Unit for inspection
supervision over the
private sector –west
Unit for international
affairs and public
relations
Unit for IT support
Unit for finance
3
Дирекција за заштита на
личните податоци
MISSION OF THE DIRECTORATE FOR PERSONAL DATA PROTECTION
The Mission of the Directorate for Personal Data Protection is to ensure efficient system for every natural person to exercise its
right of personal data protection through the inspection over the legality of processing of personal data.
The Directorate is competent for:
• Creation of normative framework for implementation of the legislation on personal data protection;
• Implementation of the principles for personal data protection;
• Issuing opinions on the acts of the controllers and processors and on the processing of personal data;
• Performing inspection over the processing of personal data and their protection;
• Assessment of the lawfulness of the processing of personal data;
• Maintenance of the Central Register of collections of personal data;
• Keeping evidence and issuing approvals for transfer of personal data to other countries;
• Achieve international cooperation in the field of personal data protection and participate in the work of the
internationalorganizations and institutions for personal data protection
Besides those basic functions, the Directorate aims to realize its strategic goals:
• Acting upon requests of natural persons for violation of their right of personal data protection;
• Rising public awareness of the controllers and processors and the general public and
• Promotion of preventive instead of repressive mechanisms, activities and methods in the performance of the competencies
defined in the Law on personal data protection in the Republic of Macedonia.
4
Дирекција за заштита на
личните податоци
INSPECTION
Main competence of the Directorate given in the Article 37 of the Law on
personal data protection (“Official Gazette of the Republic of Macedonia” n.
7/05, 103/08, 124/10 and 135/11), “is performing inspection over the legality
of the activities for processing of personal data and their protection on the
territory of the Republic of Macedonia”.
In 2011, the number of inspectors in the Directorate increased which enabled
new conditions for the work of the inspectors such as direct education and
equipping with the newest IT technology.
In July 2011, inspectors were certified for ISO 27001. This certificate gives the
inspectors stronger capacity for performing inspections at the controllers and
processors that have complex IT infrastructure i.e. the inspectors upgraded their
knowledge in other areas.
5
Дирекција за заштита на
личните податоци
Compared to 2010, the Directorate for Personal Data Protection increased the
number of inspections. With a total number of 117 inspections in 2010, out of which
18 were transferred in 2011, during 2011, 146 inspections were performed.
Inspection in 2011
Inspection in 2010
Inspection in 2009
Inspection in 2008
0
20
40
60
80
100
120
140
160
6
Дирекција за заштита на
личните податоци
SIN - Software for inspection
This software, through a broadband internet connection, which can be
used out of the premises of the Directorate, will contribute to
•
more efficient and economic performance
•
generating reports
•
planning inspections
The inspection procedure is completely realized on the spot during the
course of the inspection which contributes in cutting of post expenditures
and the time needed for the procedure and in raising the efficiency of the
inspectors raising the efficiency of the inspectors and cutting of post
expenditures
7
Дирекција за заштита на
личните податоци
CONSULTATIONS
250
200
150
Opinions
Reprimands
In public sector
100
In private sector
50
0
2006
2007
2008
2009
2010
2011
Compared data show that the need for issuing opinions and reprimands is bigger in every year.
The total number in 2011 is almost two times higher than 2010. The increased of the number of
the requests for opinions shoes that the interest of the subjects for the right of personal data
protection is increased as well. All this shows that the work of the Directorate profiles the right
of privacy as one of the basic human rights protected by law.
8
Дирекција за заштита на
личните податоци
Participation in policy making and involvement of DPDP
In the process of drafting of laws
We have submitted to the Government of the Republic of Macedonia, an initiative for amending
the Rules of Procedure on the Work of the Government of the Republic of Macedonia, which
enables obligatory consultation of DPDP when the laws, materials, by-laws and other regulations
that involve protection of privacy and personal data are prepared.
Our initiative has been accepted and has resulted with adoption of the amendment to the Rules
of Procedure on the Work of the Government of the Republic of Macedonia that stipulates the
participation of DPDP in the process of drafting laws and by-laws.
Namely, Article 68 paragraph 1 line 9 from the Rules of Procedure on the Work of the
Government of the Republic of Macedonia stipulates that Ministries and other state
administrative bodies are obliged to submit to DPDP all materials, draft laws, by-laws, and other
draft regulations in the field of personal data protection for opinion of DPDP, prior to their
submission to the Government.
9
Дирекција за заштита на
личните податоци
TRAINIGS
For the purpose of raising the quality of the personal data protection from the
data controllers and processors and in the same time raising the general public
awareness, the Directorate is organizing in the framework of its jurisdiction is
organizing and implementing training/seminars for all interested data controllers
and processors. During 2011, the Directorate has organized and implemented
37 trainings where 758 participant from 548 controllers and processors
participated.
Controller/processor
Number
Local self-government
46
Banking
14
Insurance
8
Telecommunication
4
Primary schools
182
Secondary schools
85
Faculties
7
State institutions
13
Economy
90
Notaries
68
Executers
31
548
Area
Education
Health
Media
Banking, investment funds, and
stocks
Telecommunications
Pension funds
Public administration
Economy
Judiciary
Insurance
Local Self-government
Security Agencies
Energy
Hotel Services
Number of
participants
343
4
2
42
36
4
22
65
101
32
61
22
16
8
758
10
Дирекција за заштита на
личните податоци
INTERNATIONAL COOPERATION
International cooperation in the area of personal data protection and participation in the
international organizations and institutions competent for personal data protection is legal
determination. For the development of DPDP and its efficient fulfillment of the competencies the
alignment with the European development in the area of personal data protection is crucial.
Today’s technological development and boost transfer of data and unlimited communications
seeks openness of the institution to other countries and functioning in coordination with the organs
for personal data protection from Europe and world.
Today, DPDP implements international cooperation through three segments.
Firstly, through transposition of the European legislation and its implementation.
Secondly, through participation in work of the European bodies for personal data protection.
Thirdly, through establishment of bilateral cooperation with DPA’s of EU countries.
11
Дирекција за заштита на
личните податоци
STRATEGY FOR PERSONAL DATA
PROTECTION
in Republic of Macedonia
2012 – 2016
The Strategy for personal data protection 2012 – 2016 is drafted with support from the IPA 2008
Program “Support in drafting strategic documents and action plans including survey on the
awareness of the media for implementation of the right for personal data protection” realized in
the DPDP in 2011.
The Strategy is a medium – term document that determines the guidance for further activities.
The priorities are determined for realization by setting up concrete goals, for the purpose of
better protection of the personal data, increased awareness for the need of personal data
protection, implementation of the Law on personal data protection by the controllers and
processors and institutional structure of the DPDP that guarantee the right of privacy.
12
Дирекција за заштита на
личните податоци
Strategic goals:
 Ensuring efficient system for personal data protection
 Continuous harmonization of the national legislation for personal data
protection
 Facilitation of the approach and improvement of the efficiency of
evidence of the personal data collections
 Further increasing of the public awareness level for the right of personal
data protection
 Optimization of the institutional capacity
 Increased participation in the International cooperation
 Cooperation with the Commission for protection of the right of free
access to public information, the ombudsman and other state
authorities
13
Дирекција за заштита на
личните податоци
COMUNICATION STRATEGY FOR DIRECTORATE
FOR PERSONAL DATA PROTECTION
 One of the results from the IPA 2008 Project “Support to the
Directorate for Personal Data Protection
 In the process of preparation
 Implementation from June 2012
14
Дирекција за заштита на
личните податоци
RAISING PUBLIC AWARENESS
In order to ease the availability and transparency, the Directorate created an
entirely new concept and design of the website where regularly publishes all news
relating to the protection of personal data and recommendations for protection of
this fundamental human right. More information you can find at www.privacy.mk
Following the new communication trends, the Directorate created a group Directorate for the Protection of Personal Data - on one of the most visited social
networking websites, Facebook. Through this group Directorate communicates
with users of this service, publishes interesting articles for the right of protection of
personal data and promotes ongoing activities.
15
Дирекција за заштита на
личните податоци
Cooperation with media
Daily newspaper Nova Makedonija Through the web portal of the newspaper Nova Makedonija, citizens have a possibility to ask
questions regarding data protection. The Directorate prepares the answers that are published
every Monday in the newspaper. Since the beginning of this cooperation, in June 2011 until the
end of 2011, there were 45 received questions from citizens and 24 published articles in the
daily newspaper.
Macedonian Television – every Tuesday in morning program – Good morning
Macedonia (34 TV programs)
Cooperation with the Macedonian Radio Televisionis in the form of regular participation of the
staff from the Directorate in the morning program “Good Morning Macedonia”, where every
Tuesday actual topics from protection of personal data is elaborated. Citizens have the
opportunity of directly asking questions in this open program. During 2011, there were 17
discussions on deferent topics related with protection of personal data.
16
Дирекција за заштита на
личните податоци
EVENTS
15 March – Day of Consumers
My number – my protected world
•Declaration on cooperation for joint organization of Open Days
PURPOSE:
•contemporary developments in processing of the personal data through the
information technology from the operators of public electronic communication
services
•to raise the social responsibility of the business operators towards the consumers
and the community
17
Дирекција за заштита на
личните податоци
28th January, 2012
Celebration of Data Protection Day “Click safe”
- to increase the public awareness for the children’s safety on the
internet and in the same time increase the awareness of the teachers
and parents about children’s activities on internet.
- poetry and art competition for pupils
- safe use of internet discussed by the Ministry of
Education, the Directorate, the Ministry of Interior,
Microsoft Macedonia and the representatives of the
schools
18
Дирекција за заштита на
личните податоци
28 January - European Day of Personal Data Protection
The European Day on Personal Data Protection was celebrated for the fifth time on 28
January 2011. Under the motto I OWN MY PRIVACY , the Directorate in cooperation with
the Metamorphosis Foundation gave a presentation of the Guidance for privacy policy and
public debate on the topic "Safe electronic communication: fiction or reality."
Safer Internet Day-February 8, 2011
- "Life online is more than a game"
On February 8, 2011 Directorate took part in event Safer Internet Day- "Life online is more
than a game" which was organized by the Foundation Metamorphosis. The event
presented the principles of protection of personal data and their use of the Internet. Short
films were projected, regarding on line chat, addictive games, online fraudand cyber
violence, mobile phones and the web site Safe on the Internet was introduced
(www.crisp.org.mk).
19
Дирекција за заштита на
личните податоци
Regional Conference on “Strategic approach in
development of the mechanisms for personal data
protection” – 25th November 2011, Skopje
On 25 November 2011 the Directorate hosted the first international event in the Republic of
Macedonia in the field of personal data - Conference for strategic approach to the
development of mechanisms for protection of personal data, where the challenges of
institutional protection of personal data in terms of development the necessary mechanisms
were discussed.
The Conference was realized with support from the Delegation of the European Union and
the project team of IPA 2008 project "Support to the preparation of strategic documents and
relevant action plans, including research on the awareness of media for improved
implementation of the right of protection of personal data" which was implemented in the
period from March untill November 2011.
20
Дирекција за заштита на
личните податоци
International Conference
Modernization of the legislation for Personal Data
Protection
30 – 31 May 2012
Skopje, Macedonia
more information on
http://www.privacy.mk/en/node/453
21
Дирекција за заштита на
личните податоци
Thank you for your attention
Dimitar Gjeorgjievski
director
Directorate for Personal Data Protection of the
Republic of Macedonia
dimitar.gjeorgievski@privacy.mk
22